Description:
Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct clickjacking attacks.

A remote user can create specially crafted content that, when loaded by the target user, will trigger a buffer overflow, use-after-free, or memory corruption error and execute arbitrary code on the target system [CVE-2014-1533, CVE-2014-1534, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538, CVE-2014-1540, CVE-2014-1541, CVE-2014-1542]. The code will run with the privileges of the target user.

On Windows 8 systems with a gamepad or virtual gamepad installed, a user can trigger a buffer overflow in the Gamepad API to execute arbitrary code [CVE-2014-1543]. Version 29.x is affected.

A remote user can create a specially crafted embedded flash object that, when loaded by the target user, will cause the cursor to be made invisible, facilitating clickjacking attacks [CVE-2014-1539].